haji bdt Privacy Policy
At haji bdt, your privacy is not an afterthought — it is a foundational commitment. This Privacy Policy explains exactly what personal data we collect, why we collect it, how we use and protect it, and the rights you hold over your own information as a player based in Bangladesh or anywhere else in the world.
Summary: haji bdt collects personal data to operate your account, process payments, comply with anti-money-laundering obligations, and personalise your experience. We do not sell your data to third parties. You have the right to access, correct, or request deletion of your personal data at any time by contacting our Data Protection Officer at [email protected].
Data We Collect
haji bdt collects personal data from you in several ways: directly when you register an account or contact support, automatically as you interact with the platform, and occasionally from third-party sources such as payment processors and identity-verification providers. The categories of data we collect are described in full below.
Registration Data
When you create a haji bdt account, we collect the information you provide in the registration form. This includes your full legal name, date of birth, residential address (including city and district — for example, Dhaka, Chittagong, Sylhet, Khulna, Rajshahi, or Barisal), email address, mobile phone number, and your chosen username. This data is necessary to create your account, verify your identity, and comply with our age-verification obligations.
Identity Verification (KYC) Data
To comply with our Know Your Customer obligations and to process withdrawals, haji bdt may request copies of identity documents. Accepted documents include your National Identity Card (NID), passport, or driver's licence. We may also request proof of address in the form of a utility bill or bank statement issued within the past three months. Where facial biometric verification is used in conjunction with document scanning, the biometric data is processed solely for the purpose of comparing the document photograph to the live image and is not stored beyond the verification event.
Payment Data
When you make a deposit or request a withdrawal, haji bdt and its payment processing partners collect transaction data. For mobile wallet methods (bKash, Nagad, Rocket, Upay), this includes your registered mobile number and transaction reference numbers. For bank transfers to Dutch-Bangla Bank, BRAC Bank, City Bank, Islami Bank, or Sonali Bank, this includes your account number and bank branch details. haji bdt does not store full card numbers or full bank account numbers on its own servers; this data is handled entirely by our PCI-DSS-compliant payment partners.
Usage & Behavioural Data
As you use the haji bdt platform, we automatically collect technical and behavioural data. This includes your IP address, device type and operating system, browser type and version, session timestamps, pages visited, games played, bet amounts and outcomes, and navigation paths through the site. This data is used to improve the platform, detect fraud, and personalise your experience.
Communications Data
If you contact haji bdt via live chat or email, we retain a record of those communications including the content of messages, timestamps, and the outcome of any support interaction. These records are kept to resolve disputes, train support staff, and monitor service quality.
| Data Category | Examples | Legal Basis |
|---|---|---|
| Registration Data | Name, DOB, email, phone, address | Contract performance |
| KYC / Identity Data | NID scan, passport, proof of address | Legal obligation (AML) |
| Payment Data | bKash number, bank account, transaction IDs | Contract performance |
| Usage & Behavioural Data | IP address, device, pages visited, bets placed | Legitimate interests |
| Communications Data | Live chat transcripts, support emails | Legitimate interests |
| Marketing Preferences | Email/SMS opt-in status, promo clicks | Consent |
How We Use Your Data
haji bdt uses your personal data only for the purposes described in this Privacy Policy. We do not use your data in ways that are incompatible with the original purpose for which it was collected. The primary purposes for which we process your data are as follows:
Account Management
Your registration data is used to create and maintain your haji bdt account, authenticate your identity when you log in, and allow you to access all platform features. Without this data, we cannot provide you with a personalised, secure gaming experience.
Processing Transactions
Payment data is used solely to process deposits and withdrawals in Bangladeshi Taka (BDT) via your chosen payment method. Transaction records are retained as required by our financial record-keeping obligations and to resolve any payment disputes that may arise.
Regulatory Compliance
haji bdt is obligated to maintain records of player identities and transactions for anti-money-laundering (AML) and counter-terrorism-financing (CTF) compliance purposes. KYC data is processed under this legal obligation and cannot be deleted while your account is active or during mandatory post-closure retention periods.
Fraud Prevention & Security
We use behavioural and usage data to detect unusual account activity, identify potentially fraudulent transactions, prevent multi-account abuse, and protect the platform from bot activity. Automated fraud-detection systems may flag activity for human review. No adverse decision is taken against a player account solely on the basis of automated processing without human oversight.
Responsible Gaming
haji bdt analyses betting patterns and session data to identify players who may be exhibiting signs of problem gambling. If our responsible gaming algorithms flag a concern, a member of the haji bdt team may reach out proactively. This processing is carried out in your interests and in fulfilment of our responsible gaming commitments.
Marketing & Personalisation
With your explicit consent, haji bdt may use your data to send you personalised promotional offers, bonus notifications, and news about new games or features. You can withdraw your consent to marketing communications at any time by updating your account preferences or by contacting support at [email protected]. Withdrawal of marketing consent does not affect the lawfulness of processing carried out before the withdrawal.
Platform Improvement
Aggregated and anonymised usage data is used to analyse platform performance, identify popular games and features, and inform product development decisions. In this form, the data cannot be traced back to any individual player and is not considered personal data.
Lawful Basis for Processing
Every data processing activity at haji bdt is underpinned by a specific lawful basis: contract performance, legal obligation, legitimate interests, or explicit consent. We do not process data on vague or unstated grounds.
No Data Selling
haji bdt does not sell, rent, or trade your personal data to any third party for their independent marketing purposes. Your data belongs to you and is used only to serve your haji bdt account.
Data Sharing
Our Commitment: haji bdt does not share your personal data with third parties for their own commercial purposes. Data is shared only with service providers who process it strictly on our behalf, or where we are required to do so by law.
In order to deliver its services, haji bdt works with a number of carefully selected third-party service providers who process personal data on our behalf as data processors. Each service provider is bound by a data processing agreement that restricts how they may use your data and requires them to apply security standards consistent with those maintained by haji bdt itself.
Payment Processing Partners
When you make a deposit or request a withdrawal, your relevant payment details are shared with the payment provider you have chosen (for example, bKash, Nagad, Rocket, Upay, or your nominated bank). These providers receive only the minimum data necessary to process the specific transaction. They are not permitted to use this data for any other purpose.
Identity Verification Providers
For KYC purposes, haji bdt may use a third-party identity verification service to validate documents you submit. The verification provider processes your identity document data and returns a verification result to haji bdt. Document images are handled in accordance with the verification provider's own data processing agreement, which requires deletion of document images upon completion of the verification check.
Game Content Providers
Games on the haji bdt platform are provided by third-party studios including Pragmatic Play, Evolution Gaming, NetEnt, Microgaming, Spribe, and Ezugi. These providers may receive pseudonymised player identifiers and session data for the purpose of delivering game outcomes and detecting cheating. They do not receive your name, contact details, or payment information.
Legal & Regulatory Disclosures
haji bdt may be required to disclose personal data to law enforcement agencies, regulatory authorities, or courts in response to a lawful and binding request. In such cases, haji bdt will disclose only the minimum data required by the request and will, where legally permitted, notify the affected player of the disclosure.
Business Transfers
In the event of a merger, acquisition, or sale of all or part of haji bdt's business, personal data held by haji bdt may form part of the transferred assets. In such circumstances, affected players will be notified in advance and the acquiring entity will be required to honour the commitments made in this Privacy Policy.
Cookies & Tracking
haji bdt uses cookies and similar tracking technologies to operate the platform, remember your preferences, analyse usage patterns, and — with your consent — deliver personalised content. This section explains the types of cookies we use and how you can manage them.
What Are Cookies?
Cookies are small text files placed on your device by websites you visit. They are widely used to make websites work more efficiently, to remember your preferences, and to provide information to website operators about how their site is being used. haji bdt uses both session cookies (which expire when you close your browser) and persistent cookies (which remain on your device for a set period or until you delete them).
Types of Cookies We Use
| Cookie Type | Purpose | Duration | Consent Required |
|---|---|---|---|
| Strictly Necessary | Session management, login authentication, security tokens | Session | No — essential for site function |
| Functional | Language preferences, display settings, remembered username | Up to 12 months | No — enhances usability |
| Analytics | Pageview counts, session duration, navigation paths (anonymised) | Up to 24 months | Yes |
| Marketing | Promotional content personalisation, affiliate attribution | Up to 30 days | Yes |
Managing Your Cookie Preferences
You can control which non-essential cookies are placed on your device by adjusting your browser settings. Most modern browsers allow you to block or delete cookies through their privacy or settings menus. Please note that disabling certain cookies may affect the functionality of the haji bdt platform — for example, disabling functional cookies may mean your login session is not remembered between visits.
Deleting cookies does not delete your haji bdt account data or any personal information stored on our servers. If you wish to exercise rights over your stored personal data, please refer to the Your Rights section of this policy.
Local Storage & Similar Technologies
In addition to cookies, haji bdt may use browser local storage and session storage to temporarily hold small pieces of data such as game state information or UI preference flags. This data is stored on your device and is not transmitted to haji bdt servers in its raw form. It is cleared when you clear your browser's site data.
Data Retention
haji bdt retains personal data only for as long as necessary to fulfil the purpose for which it was collected, or for as long as required by applicable legal and regulatory obligations. Different categories of data are subject to different retention periods, as outlined below.
Active Account Data
While your haji bdt account remains open and active, we retain all registration data, KYC documents, payment records, transaction history, and communications data associated with your account. This data is necessary to deliver the service, manage your account, and comply with our ongoing regulatory obligations.
Post-Closure Retention
After your account is closed — whether at your request or by haji bdt — we are required to retain certain categories of data for a minimum period of five years. This post-closure retention requirement applies primarily to KYC/identity documents and financial transaction records, and exists to satisfy anti-money-laundering and financial record-keeping obligations. After the mandatory retention period has expired, this data is securely deleted or anonymised.
Marketing Data
If you have opted in to marketing communications, we retain your marketing preferences and associated contact details until you withdraw your consent or for a maximum of three years of inactivity (whichever comes first), after which your marketing data is reviewed and either refreshed with new consent or deleted.
Support Communications
Live chat and email support records are retained for two years from the date of the interaction, to support dispute resolution and quality assurance processes. After two years, support records are anonymised or deleted.
Anonymised Analytics Data
Aggregated and anonymised usage data — from which no individual player can be identified — may be retained indefinitely for platform analytics and reporting purposes. This data is not considered personal data and is not subject to deletion obligations.
Active Account Records
Retained for the full lifetime of your account. All data is accessible by you at any time via account settings or by contacting support.
Post-Closure: 5 Years
KYC documents and financial transaction records are retained for five years after account closure in line with AML legal obligations.
Secure Deletion
Data that has passed its retention period is securely deleted or irreversibly anonymised. haji bdt does not retain data beyond lawful necessity.
Your Rights
Exercising Your Rights: To exercise any of the rights described in this section, contact the haji bdt Data Protection Officer at [email protected] with the subject line "Data Rights Request". Include your registered full name, account username, and a clear description of the right you wish to exercise. We will respond within 30 days of receiving a valid, complete request.
As a player whose personal data is processed by haji bdt, you hold a number of rights in relation to that data. haji bdt is committed to respecting and facilitating these rights in a straightforward and timely manner.
Right of Access
You have the right to request a copy of the personal data that haji bdt holds about you. Upon receipt of a valid access request, haji bdt will provide a summary of all personal data held in your account, including registration data, KYC records, payment history, and communications records, within 30 days. This service is provided free of charge for one request per calendar year; subsequent requests within the same year may attract a reasonable administrative fee.
Right to Rectification
If any personal data held by haji bdt is inaccurate or incomplete, you have the right to request that it be corrected. You can update most account information — such as your address, email address, or phone number — directly from within your account settings. For corrections to identity documents or date of birth, please contact support and provide appropriate documentary evidence of the correct information.
Right to Erasure
You have the right to request deletion of your personal data where it is no longer necessary for the purpose for which it was collected, or where you withdraw consent and there is no other lawful basis for continued processing. Please note that this right is subject to overriding legal obligations: haji bdt is required to retain KYC and financial transaction records for a minimum of five years post-account-closure and cannot delete this data at your request during the mandatory retention period. All other data categories will be deleted promptly upon a valid erasure request.
Right to Restriction of Processing
You have the right to request that haji bdt restricts the processing of your personal data in certain circumstances — for example, while the accuracy of data you have contested is being verified, or while you have objected to processing and haji bdt is assessing whether its legitimate interests override yours. During a restriction period, haji bdt will retain the data but will not actively process it beyond storage.
Right to Data Portability
Where processing is based on your consent or on contract performance, and is carried out by automated means, you have the right to receive a copy of your personal data in a structured, commonly used, machine-readable format (such as JSON or CSV). You may also request that this data be transmitted directly to another controller where technically feasible.
Right to Object
You have the right to object to the processing of your personal data where that processing is based on haji bdt's legitimate interests. If you raise an objection, haji bdt will cease that specific processing unless it can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms. You have an unconditional right to object to processing for direct marketing purposes, and haji bdt will always honour that objection without requiring justification.
Data Security
haji bdt takes the security of your personal data seriously and implements a range of technical and organisational measures to protect it against unauthorised access, accidental loss, alteration, or disclosure. These measures are reviewed and updated regularly to reflect the evolving threat landscape and industry best practices.
Encryption in Transit
All data transmitted between your device and the haji bdt platform is encrypted using 256-bit TLS (Transport Layer Security). This means that any data you send or receive — including login credentials, payment details, and personal information — cannot be intercepted and read by a third party during transmission. The presence of a padlock icon in your browser's address bar confirms that your connection to haji bdt is secured.
Encryption at Rest
Sensitive personal data stored on haji bdt's servers — including KYC documents, account credentials, and payment records — is encrypted at rest using AES-256 encryption. Database access is restricted to authorised personnel only, and all access events are logged and monitored.
Access Controls
haji bdt operates a strict role-based access control (RBAC) system that ensures employees can access personal data only to the extent required by their specific job function. Support agents can view account details necessary to assist you; they cannot view your full payment account numbers or KYC document images unless explicitly required by a support interaction and escalated to the appropriate team.
Breach Response
In the event of a personal data breach that poses a risk to the rights and freedoms of affected players, haji bdt will notify affected individuals without undue delay and will take all reasonable steps to contain the breach, assess its impact, and prevent recurrence. Significant breaches will be reported to relevant authorities as required by applicable law.
Your Role in Security
While haji bdt maintains robust security measures on its side, the security of your account also depends on the strength and confidentiality of your login credentials. You are responsible for maintaining a strong, unique password for your haji bdt account and for not sharing your credentials with any third party. haji bdt will never ask for your password via email, live chat, or any other communication channel.
256-Bit TLS
All data in transit is encrypted end-to-end.
AES-256 at Rest
Stored data is encrypted using military-grade AES-256.
RBAC Controls
Strict role-based staff access to all personal data.
Breach Alerts
Players notified promptly in any data breach event.
Contact & DPO
If you have any questions about this Privacy Policy, wish to exercise a data right, or want to raise a concern about how haji bdt handles your personal data, please contact our Data Protection Officer (DPO) using the details below. All privacy-related enquiries are handled with strict confidentiality.
Data Protection Officer
haji bdt has appointed a Data Protection Officer who is responsible for overseeing compliance with this Privacy Policy and all applicable data protection obligations. The DPO can be reached at:
- Email: [email protected] (subject line: "Privacy / DPO Enquiry")
- Live Chat: Available 24/7 via the haji bdt platform — ask to be connected to the Data Protection team
- Business Hours: 08:00 – 24:00 Bangladesh Standard Time (BST, UTC+6), daily
haji bdt aims to respond to all privacy enquiries within five business days of receipt. Complex data rights requests (such as full subject access requests or erasure requests requiring legal review) will be completed within 30 calendar days.
Updates to This Privacy Policy
haji bdt reserves the right to update this Privacy Policy at any time to reflect changes in our data processing practices, legal obligations, or platform features. When material changes are made, registered players will be notified by email to their registered address at least seven days before the changes take effect. The effective date at the top of this page will always reflect when the current version came into force. Continued use of the haji bdt platform after the effective date of any updated Privacy Policy constitutes your acceptance of the revised terms.
Governing Law
This Privacy Policy is governed by applicable international data protection principles. haji bdt is committed to maintaining fair, transparent, and lawful data processing practices consistent with globally recognised privacy standards, including those reflected in the General Data Protection Regulation (GDPR) as a benchmark framework. Players based in Bangladesh are also protected by haji bdt's internal data governance policies, which are designed to uphold the highest standards of data protection regardless of jurisdiction.
18+ Reminder: haji bdt is an adult-only platform. All registered players must be 18 years of age or older. If you believe a minor has accessed the platform or provided personal data, please contact us immediately at [email protected] so we can take appropriate action, including account closure and secure deletion of any data collected.
Ready to Get Started?
Now that you know how we protect your data, explore everything haji bdt has to offer — from live cricket betting to premium slots and the full casino experience.